Public ICS Disclosures – Week of 3-22-25
This week we have 31 vendor disclosures from ABB (2), Arteche, B&R Automation, Hitachi, Hitachi Energy (2), HPE (4), Philips, Splunk (12), VMware, WatchGuard (2), and Westermo (3). There are also two vendor updates from Hitachi Energy and HP.
ABB Advisories
ABB published an advisory that discusses 18 vulnerabilities in their Low Voltage DC Drives and Power Controllers. These are third-party (CODESYS) vulnerabilities. ABB provides specific workarounds and notes that the devices are vulnerable only if an IEC 61131-3 license is provisioned to the memory unit.
ABB published an advisory that discusses 15 vulnerabilities in their ACS880 +N8010 Drives. These are third-party (CODESYS) vulnerabilities. ABB has firmware updates that mitigate the vulnerabilities.
Arteche Advisory
Incibe-CERT published an advisory that describes eight vulnerabilities in the Arteche saTECH BCU controller. The vulnerabilities were reported to Incibe-CERT by Aarón Flecha Menéndez and Gabriel Vía Echezarreta. Arteche has a new firmware version that mitigates the vulnerabilities.
The eight reported vulnerabilities are:
Improper privilege management - CVE-2025-2858,
Improper authentication - CVE-2025-2859,
Exposure of sensitive information to an unauthorized actor - CVE-2025-2860,
Cleartext transmission of sensitive information - CVE-2025-2861,
Weak encoding for password - CVE-2025-2862,
Cross-site request forgery - CVE-2025-2863,
Cross-site scripting - CVE-2025-2864, and
Permissive cross-domain policy with untrusted domains - CVE-2025-2865
B&R Advisory
B&R published an advisory that describes 13 vulnerabilities in their APROL control system. B&R has new versions that mitigate the vulnerabilities.
Hitachi Advisory
Hitachi published an advisory that discusses 121 vulnerabilities in their Disk Array Systems. These are third-party (mostly Microsoft) vulnerabilities. Hitachi has software updates that mitigate the vulnerabilities.
Hitachi Energy Advisories
Hitachi Energy published an advisory that describes four vulnerabilities in their RTU500 series products. Hitachi Energy has a new version for some of the affected products that mitigates one of the vulnerabilities. Versions to mitigate the remainder are pending release.
The four reported vulnerabilities are:
NULL pointer dereference (3) - CVE-2024-10037, CVE-2024-11499, and CVE-2024-12169, and
Missing synchronization - CVE-2025-1445
Hitachi Energy published an advisory that describes three vulnerabilities in their TRMTracker product. The vulnerabilities were reported by Eskom Holdings SOC. Hitachi Energy has new versions that mitigate the vulnerabilities.
The three reported vulnerabilities are:
LDAP injection - CVE-2025-27631,
Injection - CVE-2025-27632, and
Cross-site scripting - CVE-2025-27633
HPE Advisories
HPE published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in multiple HPE products. HPE has new versions that mitigate the vulnerability.
HPE published an advisory that discusses nine vulnerabilities (one with publicly available exploit) in B-Series SANnav Management Portal. These are third-party vulnerabilities. HPE has new versions that mitigate the vulnerabilities.
The nine reported vulnerabilities are:
Debug messages revealing unnecessary information - CVE-2025-1053,
Cleartext storage of sensitive information - CVE-2024-10404,
Execution with unnecessary privilege - CVE-2024-2240,
Use of a broken or risky cryptographic algorithm (2) - CVE-2024-10405 and CVE-2024-4282,
Missing authorization - CVE-2024-4317,
Privilege dropping/lowering errors - CVE-2024-0985 (exploit),
Uncontrolled resource consumption - CVE-2023-5870, and
Missing release of memory after effective lifetime - CVE-2022-38178
HPE published an advisory that discusses four vulnerabilities (three with publicly available exploits) in their Telco Service Orchestrator product. These are third-party vulnerabilities. HPE has a new version that mitigates the vulnerabilities.
The four reported vulnerabilities are:
Uncontrolled recursion - CVE-2024-57699 (exploit),
Server-side request forgery - CVE-2025-27152, and
Improper verification of cryptographic signature (2) - CVE-2025-29774 (exploit) and CVE-2025-29775 (exploit).
HPE published an advisory that discusses four vulnerabilities (one with publicly available exploit) in their Unified OSS Console (UOC) and HPE Unified OSS Assurance Monitoring (UOCAM) Software. These are third-party vulnerabilities. HPE has a new version that mitigates the vulnerabilities.
The four reported vulnerabilities are:
Cross-site scripting (3) - CVE-2024-43796, CVE-2024-43799, and CVE-2024-43800, and
Insufficient regular expression complexity - CVE-2024-21538 (exploit).
Philips Advisory
Philips published an advisory that discusses the IngressNightmare vulnerabilities. Philips announces that their Focal Point v2.1 product is affected. Affected customers are urged to contact the Philips InCenter for assistance.
Splunk Advisories
Splunk published an advisory that discusses a server-side request forgery vulnerability in their Infrastructure Monitoring Add-on. This is a third-party (Axios) vulnerability with a publicly available exploit. Splunk has a new version that mitigates the vulnerability.
Splunk published an advisory that discusses two vulnerabilities in their Add-on for Microsoft Cloud Services. These are third-party (OpenSSL) vulnerabilities. Splunk has a new version that mitigates the vulnerabilities.
The two reported vulnerabilities are:
Unchecked input for loop condition vulnerability - CVE-2024-4603, and
Improperly controlled sequential memory allocation - CVE-2024-2511
Splunk published an advisory that describes an incorrect permission assignment for critical function vulnerability in their App for Lookup File Editing application. Splunk has a new version that mitigates the vulnerability.
Splunk published an advisory that discusses ‘multiple’ (not individually listed in the advisory) vulnerabilities in their App for Data Science and Deep Learning. These are third-party vulnerabilities. Splunk has a new version that mitigates the vulnerabilities.
Splunk published an advisory that discusses ‘multiple’ (not individually listed in the advisory) vulnerabilities in their Enterprise product. These are third-party vulnerabilities. Splunk has a new version that mitigates the vulnerabilities.
Splunk published an advisory that describes an improper access control vulnerability in their Secure Gateway App. Splunk has new versions that mitigate the vulnerability.
Splunk published an advisory that describes an improper input validation vulnerability in their Enterprise Dashboard Studio. The vulnerability was reported by Taihei Shimamine. Splunk has new versions that mitigate the vulnerability.
Splunk published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Enterprise product. The vulnerability was reported by Anton (therceman). Splunk has new versions that mitigate the vulnerability.
Splunk published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Enterprise product. The vulnerability was reported by Anton (therceman). Splunk has new versions that mitigate the vulnerability.
Splunk published an advisory that describes a cross-site request forgery in their Enterprise product. The vulnerability was reported by Anton (therceman). Splunk has new versions that mitigate the vulnerability.
Splunk published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Secure Gateway App. The vulnerability was reported by Anton (therceman). Splunk has new versions that mitigate the vulnerability.
Splunk published an advisory that describes an improper access control vulnerability in their Enterprise product. The vulnerability was reported by Alex Hordijk. Splunk has new versions that mitigate the vulnerability.
VMware Advisory
Broadcom published an advisory that describes an authentication bypass using an alternate path or channel vulnerability in the VMware Tools for Windows product. The vulnerability was reported by Sergey Bliznyuk of Positive Technologies. VMware has new versions that mitigate the vulnerability.
WatchGuard Advisories
WatchGuard published an advisory that describes an incorrect default permissions vulnerability in their Terminal Services Agent product. WatchGuard has a new version that mitigates the vulnerability.
WatchGuard published an advisory that describes an incorrect default permissions vulnerability in their Mobile VPN product. WatchGuard has a new version that mitigates the vulnerability.
Westermo Advisories
Westermo published an advisory that discusses an improper argument handling vulnerability in their WeOS product. This is a third-party (unidentified) vulnerability. Westermo has new versions that mitigate the vulnerability.
Westermo published an advisory that describes a denial of service vulnerability in their WeOS product. Westermo has a new version that mitigates the vulnerability.
Westermo published an advisory that describes an insufficiently protected HTTP session token vulnerability in their WeOS product. Westermo has a new version for one of the affected products.
Hitachi Energy Update
Hitachi Energy published an update for their MicroSCADA Pro/X SYS600 advisory that was originally published on August 27th, 2024, and most recently updated on October 29th, 2024. The new information includes updating patches for versions 10.3, 10.4 and 10.5 under Recommended Actions.
HP Update
HP published an update for their Poly Devices advisory that was originally published on February 4th, 2025. The new information includes updating the product list.